CVE-2024-44020

Missing Authorization vulnerability in Prasad Kirpekar WP Free SSL – Free SSL Certificate for WordPress and force HTTPS allows . This issue affects WP Free SSL – Free SSL Certificate for WordPress and force HTTPS: from n/a through 1.2.6.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://patchstack.com/database/vulnerability/wp-free-ssl/wordpress-wp-free-ssl-plugin-1-2-6-broken-access-control-vulnerability?_s_id=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:prasadkirpekar:wp_free_ssl:*:*:*:*:*:wordpress:*:*

History

08 Nov 2024, 21:02

Type	Values Removed	Values Added
First Time		Prasadkirpekar Prasadkirpekar wp Free Ssl
CPE		cpe:2.3:a:prasadkirpekar:wp_free_ssl::::::wordpress::*
References	~~() https://patchstack.com/database/vulnerability/wp-free-ssl/wordpress-wp-free-ssl-plugin-1-2-6-broken-access-control-vulnerability?_s_id=cve -~~	() https://patchstack.com/database/vulnerability/wp-free-ssl/wordpress-wp-free-ssl-plugin-1-2-6-broken-access-control-vulnerability?_s_id=cve - Third Party Advisory
Summary		(es) Vulnerabilidad de falta de autorización en Prasad Kirpekar WP Free SSL – Free SSL Certificate for WordPress and force HTTPS permite . Este problema afecta a WP Free SSL – Free SSL Certificate for WordPress and force HTTPS: desde n/a hasta 1.2.6.
CVSS	v2 : ~~unknown~~ v3 : ~~4.3~~	v2 : unknown v3 : 8.8

01 Nov 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-01 15:15

Updated : 2024-11-08 21:02

NVD link : CVE-2024-44020

Mitre link : CVE-2024-44020

CVE.ORG link : CVE-2024-44020

JSON object : View

Products Affected

prasadkirpekar

wp_free_ssl

CWE

CWE-862

Missing Authorization

{"id": "CVE-2024-44020", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-11-01T15:15:52.483", "references": [{"url": "https://patchstack.com/database/vulnerability/wp-free-ssl/wordpress-wp-free-ssl-plugin-1-2-6-broken-access-control-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Prasad Kirpekar WP Free SSL \u2013 Free SSL Certificate for WordPress and force HTTPS allows .\n\nThis issue affects WP Free SSL \u2013 Free SSL Certificate for WordPress and force HTTPS: from n/a through 1.2.6."}, {"lang": "es", "value": "Vulnerabilidad de falta de autorizaci\u00f3n en Prasad Kirpekar WP Free SSL \u2013 Free SSL Certificate for WordPress and force HTTPS permite . Este problema afecta a WP Free SSL \u2013 Free SSL Certificate for WordPress and force HTTPS: desde n/a hasta 1.2.6."}], "lastModified": "2024-11-08T21:02:41.617", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:prasadkirpekar:wp_free_ssl:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "153C0023-3D74-41A5-B602-5F10C0D497CB", "versionEndIncluding": "1.2.6"}], "operator": "OR"}]}], "sourceIdentifier": "audit@patchstack.com"}